General
Target: 87a8ba8523c27e9e9a91e4393da47dc1f14ebc2f446bbb628a65922c4f5f4bcd
Size: 1.5MB
Sample: 230414-gxjkssge92
MD5: c4b8621945657b288e713836d421db1b
SHA1: ebbfedab10a4b2352b6a656ca58bb10a6f9fbd20
SHA256: 87a8ba8523c27e9e9a91e4393da47dc1f14ebc2f446bbb628a65922c4f5f4bcd
SHA512: 232926f788bbb9b736ccbe2536e48470f74737b28ebbb2cc9b1b8f1a3991cf9b971eba2b032d682795e8717a1918cb7feaac9b1f2814a4e9791788db324e454d
SSDEEP: 24576:2ysYnYrbOXxTGBYg4F4hn4pWH9l1fVb7VMGFdadn33lMn/DT0itaxE8twZN0xjuC:FFXFIGWH9lHHtal3G30iV8twZN0Z1o
Static task: static1
Malware Config

Extracted: redline
Botnet: lada
C2: 185.161.248.90:4125
auth_value: 0b3678897547fedafe314eda5a2015ba

Extracted: amadey
Version: 3.70
C2: 193.201.9.43/plays/chapter/index.php

Extracted: redline
Botnet: masi
C2: 185.161.248.90:4125
auth_value: 6e26457e57602c4cf35356c36d8dd8e8
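The three extracted configs above are the actionable output of this report: two RedLine builds (botnets "lada" and "masi") that share one C2 endpoint, and an Amadey 3.70 loader with an HTTP check-in URL. The following is an added example, not part of the tria.ge report, showing how a practitioner would normalise those configs into one IOC per C2 endpoint and sweep them against proxy/NetFlow-style log lines. The log lines, the `dst=`/`dport=`/`url=` field names, the confidence labels and the assumption that the Amadey URL is fetched over plain HTTP on port 80 are all constructed for the example; the IP, port, path, botnet names and auth_values are transcribed from the report.

```python
"""Added example: turn the extracted RedLine/Amadey configs into network IOCs
and match them against constructed log lines. Not code from tria.ge."""
import re
from urllib.parse import urlsplit

# Transcribed from the "Malware Config" section of the report above.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "lada", "c2": "185.161.248.90:4125",
     "auth_value": "0b3678897547fedafe314eda5a2015ba"},
    {"family": "amadey", "version": "3.70",
     "c2": "193.201.9.43/plays/chapter/index.php"},
    {"family": "redline", "botnet": "masi", "c2": "185.161.248.90:4125",
     "auth_value": "6e26457e57602c4cf35356c36d8dd8e8"},
]

# Constructed sample log lines (hypothetical field layout, not from the report).
SAMPLE_LOG = [
    "2023-04-14T06:12:01Z src=10.0.0.15 dst=185.161.248.90 dport=4125 proto=tcp",
    "2023-04-14T06:12:03Z src=10.0.0.15 dst=193.201.9.43 dport=80 method=POST "
    "url=http://193.201.9.43/plays/chapter/index.php",
    "2023-04-14T06:13:00Z src=10.0.0.22 dst=142.250.72.14 dport=443 proto=tcp",
    "2023-04-14T06:14:10Z src=10.0.0.31 dst=185.161.248.90 dport=443 proto=tcp",
]


def parse_c2(c2):
    """Split a config C2 string into (host, port, path).

    RedLine gives host:port, Amadey gives host/path with no scheme; a dummy
    scheme is prepended so urlsplit handles both. Port is None when absent
    (assumed plain HTTP for the Amadey URL) and path is None when absent."""
    parts = urlsplit("http://" + c2)
    return parts.hostname, parts.port, (parts.path or None)


def build_iocs(configs):
    """Collapse configs into one IOC per C2 endpoint, recording which
    families/botnets share it. auth_value is a per-build token kept for
    clustering builds; it is not used for network matching here."""
    iocs = {}
    for cfg in configs:
        host, port, path = parse_c2(cfg["c2"])
        entry = iocs.setdefault((host, port, path), {
            "host": host, "port": port, "path": path,
            "families": set(), "botnets": set(), "auth_values": set()})
        entry["families"].add(cfg["family"])
        if cfg.get("botnet"):
            entry["botnets"].add(cfg["botnet"])
        if cfg.get("auth_value"):
            entry["auth_values"].add(cfg["auth_value"])
    return iocs


# Field names are an assumption about the constructed log format.
LOG_RE = re.compile(r"dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)(?:.*?\burl=(?P<url>\S+))?")


def _label(entry):
    label = "/".join(sorted(entry["families"]))
    if entry["botnets"]:
        label += " (" + ",".join(sorted(entry["botnets"])) + ")"
    return label


def match_log_line(line, iocs):
    """Return [(confidence, description), ...] for one log line.

    Exact host:port or host+path matches are 'high'; the C2 IP seen on a
    different port, or a URL C2 whose path was not logged, is 'medium'
    (the IP is still worth triage, but may be shared hosting)."""
    m = LOG_RE.search(line)
    if not m:
        return []
    dst, dport, url = m.group("dst"), int(m.group("dport")), m.group("url")
    hits = []
    for (host, port, path), entry in iocs.items():
        if dst != host:
            continue
        label = _label(entry)
        if path:
            u = urlsplit(url) if url else None
            if u and u.hostname == host and u.path == path:
                hits.append(("high", f"{label} URL {host}{path}"))
            else:
                hits.append(("medium", f"{label} C2 IP {host} (path not observed)"))
        elif port is not None and dport == port:
            hits.append(("high", f"{label} C2 {host}:{port}"))
        else:
            hits.append(("medium", f"{label} C2 IP {host} on unexpected port {dport}"))
    return hits


def scan_logs(lines, iocs):
    """Return (line, hits) for every line that matched at least one IOC."""
    results = []
    for line in lines:
        hits = match_log_line(line, iocs)
        if hits:
            results.append((line, hits))
    return results


if __name__ == "__main__":
    iocs = build_iocs(EXTRACTED_CONFIGS)
    for line, hits in scan_logs(SAMPLE_LOG, iocs):
        for conf, desc in hits:
            print(f"[{conf:6}] {desc}  <-  {line}")
```

Because both RedLine botnets point at the same 185.161.248.90:4125, the sweep produces a single IOC for that endpoint and the hit names both botnets; the auth_values stay attached so the two builds can still be told apart later. The "medium" tier is deliberate: the C2 IP on a port the config does not name is worth looking at but should not be auto-blocked without checking whether the address is shared infrastructure.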
Targets

Target: 87a8ba8523c27e9e9a91e4393da47dc1f14ebc2f446bbb628a65922c4f5f4bcd
Size: 1.5MB
(Same file as in General above; MD5, SHA1, SHA256, SHA512 and SSDEEP are listed there.)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.